Novell Messenger Client Contact File Processing Buffer Overflow Vulnerability

ID: IRCAD2012021747
Release Date: 2012-02-21
Criticality level: Highly critical
Software: Novell Messenger Client 2.x
Luigi Auriemma has discovered a vulnerability in Novell Messenger Client, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when processing the "name" value of a "folder" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted contact list file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening or importing a malicious file.
The vulnerability is confirmed in version 2.1.0. Other versions may also be affected.
Do not open or import contact list files from untrusted sources.
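A pre-import screen in the spirit of the advice above, as an added example that is not part of the advisory and not Novell code. It assumes the contact list is tag-style markup with `<folder name="...">` elements; the function name, the sample inputs and the 128-byte limit are constructed for illustration, since the advisory does not state the size of the affected buffer.

```python
import re

# Assumed policy ceiling for a folder name, in bytes. Constructed value: the
# advisory does not give the size of the affected buffer.
MAX_NAME_BYTES = 128

# Regex scan instead of an XML parser, because a hostile file need not be
# well-formed. Quoted values are consumed whole so '>' inside them is harmless.
FOLDER_TAG = re.compile(
    rb"""<\s*folder(?![\w:.-])((?:[^>"']+|"[^"]*"|'[^']*')*)(>?)""", re.IGNORECASE)
ATTR = re.compile(rb"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def screen_contact_list(data: bytes, limit: int = MAX_NAME_BYTES):
    """Return (offset, reason) findings for folder tags; empty list = none."""
    findings = []
    for tag in FOLDER_TAG.finditer(data):
        attrs, closed = tag.group(1), tag.group(2)
        if not closed:
            # The tag or one of its quoted values is never closed: refuse it.
            findings.append((tag.start(), "unterminated folder tag"))
            continue
        for attr in ATTR.finditer(attrs):
            if attr.group(1).lower() != b"name":
                continue
            value = attr.group(2) if attr.group(2) is not None else attr.group(3)
            if len(value) > limit:
                findings.append(
                    (tag.start(), f"name is {len(value)} bytes, limit {limit}"))
    return findings


# Constructed sample inputs (not taken from any real contact list file).
BENIGN = b'<contacts><folder name="Friends"><contact id="a"/></folder></contacts>'
OVERSIZED = b'<contacts><folder name="' + b"A" * 4096 + b'"></folder></contacts>'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, screen_contact_list(sample) or "no findings")
```

An empty result only means no folder name exceeded the chosen limit; files from untrusted sources should still not be imported into an affected client.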
